Results 1 to 10 of 10

Thread: Upgrade from 4.5.10 to 5.0.0b3 broke permissions

  1. #1
    Join Date
    Nov 2007
    Posts
    30
    Rep Power
    8

    Exclamation Upgrade from 4.5.10 to 5.0.0 RC2 broke permissions

    I have upgraded from 4.5.10 to 5.0.0 RC2.

    I love the beta!

    The Installer though.... Not so much.

    What I am seeing is a whole lot of files are now owned by root instead of zimbra.
    This was first noticed because our SSL stuff quit working.
    This is the long directory listing for the /opt/zimbra/ssl/ssl directory before:

    [zimbra@zimbox ssl]$ ls -l zimbra/ssl/ssl/
    total 56
    -rw-r----- 1 zimbra zimbra 1731 Oct 29 17:37 MAIL1.TOOLCASE.COM.crt
    -rw-r----- 1 zimbra zimbra 1239 Oct 29 17:58 MAIL1.TOOLCASE.COM.der
    drwx------ 2 zimbra zimbra 4096 Sep 27 23:55 ca
    drwx------ 2 zimbra zimbra 4096 Sep 27 23:55 cert
    -rw-r----- 1 zimbra zimbra 694 Oct 29 10:37 commercial.csr
    -rw-r----- 1 zimbra zimbra 5592 Oct 29 21:31 commercial.keystore
    -rw-r----- 1 zimbra zimbra 1257 Oct 29 17:49 keystore
    drwx------ 3 zimbra zimbra 4096 Sep 27 23:55 newCA
    -rw-r----- 1 zimbra zimbra 2706 Oct 10 15:06 original_zimbra_ssl_configuration_files.tgz
    drwx------ 2 zimbra zimbra 4096 Sep 27 23:55 server
    -rw-r----- 1 zimbra zimbra 2706 Oct 24 12:02 server.tgz
    -rw-r----- 1 zimbra zimbra 7645 Sep 27 23:55 zmssl.cnf
    [zimbra@zimbox ssl]$


    And After:

    [zimbra@zimbox ssl]$ ls -l /opt/zimbra/ssl/ssl
    total 60
    -rw-r----- 1 root root 1731 Oct 29 17:37 MAIL1.TOOLCASE.COM.crt
    -rw-r----- 1 root root 1239 Oct 29 17:58 MAIL1.TOOLCASE.COM.der
    drwx------ 2 zimbra zimbra 4096 Sep 27 23:55 ca
    drwx------ 2 zimbra zimbra 4096 Sep 27 23:55 cert
    -rw-r----- 1 root root 694 Oct 29 10:37 commercial.csr
    -rw-r----- 1 root root 5592 Oct 29 21:31 commercial.keystore
    -rw-r----- 1 root root 1257 Oct 29 17:49 keystore
    drwx------ 3 zimbra zimbra 4096 Sep 27 23:55 newCA
    -rw-r----- 1 root root 2706 Oct 10 15:06 original_zimbra_ssl_configuration_files.tgz
    drwx------ 2 zimbra zimbra 4096 Sep 27 23:55 server
    -rw-r----- 1 root root 2706 Oct 24 12:02 server.tgz
    -rw-r----- 1 root root 7645 Sep 27 23:55 zmssl.cnf
    [zimbra@zimbox ssl]$


    Is there a quick fix (script, etc...) for restoring the ownership of the files that should be owned by zimbra?
    (My question is in regards to the entire /opt/zimbra directory structure, not just this one directory...
    I can fix this, but what else is broken.... that's the real issue...)

    Thanks!!!
    Last edited by toolcaserp; 12-11-2007 at 01:28 PM. Reason: fixed the beta revision from beta 3 to RC2

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    The answer is the zmfixperms script. You are installing an old beta instead of the current RC2 release, why? I do hope you're not upgrading a production server?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date
    Nov 2007
    Posts
    30
    Rep Power
    8

    Default

    Quote Originally Posted by phoenix View Post
    The answer is the zmfixperms script. You are installing an old beta instead of the current RC2 release, why? I do hope you're not upgrading a production server?
    Thanks Bill, I referred to the package incorrectly.
    This was downloaded last week.... The actual package is:
    zcs-NETWORK-5.0.0_RC2_1745.RHEL4_64.20071120125046

    I will find the zmfixperms script. Thanks!!!!!

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    You'll find that in ~/libexec, sorry I forgot that.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    Join Date
    Aug 2007
    Posts
    103
    Rep Power
    8

    Default

    the installer didnt run the zmfixperms script?
    In the 4.5 upgrades I have done I found it annoying/unneeded how many times that script ran

  6. #6
    Join Date
    Nov 2007
    Posts
    30
    Rep Power
    8

    Default

    The script explicitly changes everything in the ssl directory to be owned by root (the cause of my original problem....):
    if [ -d ${zimbra_home}/ssl ]; then
    printMsg "Fixing ownership and permisions on ${zimbra_home}/ssl"
    find ${zimbra_home}/ssl -type f -exec chown ${root_user}:${root_group} {} \;
    find ${zimbra_home}/ssl -type f -exec chmod 640 {} \;
    fi


    Why? Why? Why? The zimbra user account cannot access the keystore if the keystore isn't readable so SSL quits working when the Zimbra software is restarted...

  7. #7
    Join Date
    Nov 2007
    Posts
    30
    Rep Power
    8

    Default

    Quote Originally Posted by mcesari View Post
    the installer didnt run the zmfixperms script?
    In the 4.5 upgrades I have done I found it annoying/unneeded how many times that script ran
    It appears it did and caused my problems.

    Perhaps the solution is to add the zimbra user to a privileged group like "root"...

  8. #8
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Default

    Quote Originally Posted by toolcaserp View Post
    Why? Why? Why? The zimbra user account cannot access the keystore if the keystore isn't readable so SSL quits working when the Zimbra software is restarted...
    Dude, chill.
    It's a beta. It has bugs. Welcome to software testing.

  9. #9
    Join Date
    Nov 2007
    Posts
    30
    Rep Power
    8

    Default

    Quote Originally Posted by jholder View Post
    Dude, chill.
    It's a beta. It has bugs. Welcome to software testing.
    I do realize it's a beta....

    So the short term solution is to add the zimbra user to the root group.

  10. #10
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Default

    I think it's likely because where enhancing security of the directories, etc. So it's likely that it got messed up somehow.

Similar Threads

  1. Replies: 5
    Last Post: 12-27-2007, 07:52 AM
  2. Replies: 5
    Last Post: 12-04-2007, 05:40 PM
  3. Replies: 7
    Last Post: 11-28-2007, 01:49 PM
  4. Zimlet disappear after upgrade to 4.5.10
    By Chadsel Chen in forum Installation
    Replies: 1
    Last Post: 11-26-2007, 07:42 PM
  5. MTA is Dying after yum update
    By tonyawbrey in forum Administrators
    Replies: 27
    Last Post: 04-02-2006, 07:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •